Revert "Merge pull request #137 from 1Password/feature/migrate-to-sdk"

This reverts commit 38b333095d, reversing changes made to 652d567877.
2026-03-02 18:41:50 -05:00
parent cb7c5acc8a
commit 7d4e24a43f
7 changed files with 21 additions and 369 deletions
--- a/src/utils.test.ts
+++ b/src/utils.test.ts
@@ -1,7 +1,6 @@
 import * as core from "@actions/core";
 import * as exec from "@actions/exec";
 import { read, setClientInfo } from "@1password/op-js";
-import { createClient, Secrets } from "@1password/sdk";
 import {
 	extractSecret,
 	loadSecrets,
@@ -17,13 +16,6 @@ import {
 } from "./constants";

 jest.mock("@1password/op-js");
-jest.mock("@1password/sdk", () => ({
-	createClient: jest.fn(),
-	// eslint-disable-next-line @typescript-eslint/naming-convention
-	Secrets: {
-		validateSecretReference: jest.fn(),
-	},
-}));

 beforeEach(() => {
 	jest.clearAllMocks();
@@ -145,13 +137,7 @@ describe("extractSecret", () => {
 	});
 });

-describe("loadSecrets when using Connect", () => {
-	beforeEach(() => {
-		process.env[envConnectHost] = "https://localhost:8000";
-		process.env[envConnectToken] = "token";
-		process.env[envServiceAccountToken] = "";
-	});
-
+describe("loadSecrets", () => {
 	it("sets the client info and gets the executed output", async () => {
 		await loadSecrets(true);

@@ -189,199 +175,6 @@ describe("loadSecrets when using Connect", () => {
 	});
 });

-describe("loadSecrets when using Service Account", () => {
-	const mockResolve = jest.fn();
-
-	beforeEach(() => {
-		process.env[envConnectHost] = "";
-		process.env[envConnectToken] = "";
-		process.env[envServiceAccountToken] = "ops_token";
-
-		Object.keys(process.env).forEach((key) => {
-			if (
-				typeof process.env[key] === "string" &&
-				process.env[key]?.startsWith("op://")
-			) {
-				delete process.env[key];
-			}
-		});
-		process.env.MY_SECRET = "op://vault/item/field";
-
-		(createClient as jest.Mock).mockResolvedValue({
-			secrets: { resolve: mockResolve },
-		});
-
-		mockResolve.mockResolvedValue("resolved-secret-value");
-	});
-
-	it("does not call op env ls when using Service Account", async () => {
-		await loadSecrets(false);
-		expect(exec.getExecOutput).not.toHaveBeenCalled();
-	});
-
-	it("sets step output with resolved value when export-env is false", async () => {
-		await loadSecrets(false);
-		expect(core.setOutput).toHaveBeenCalledTimes(1);
-		expect(core.setOutput).toHaveBeenCalledWith(
-			"MY_SECRET",
-			"resolved-secret-value",
-		);
-	});
-
-	it("masks secret with setSecret when export-env is false", async () => {
-		await loadSecrets(false);
-		expect(core.setSecret).toHaveBeenCalledTimes(1);
-		expect(core.setSecret).toHaveBeenCalledWith("resolved-secret-value");
-	});
-
-	it("does not call exportVariable when export-env is false", async () => {
-		await loadSecrets(false);
-		expect(core.exportVariable).not.toHaveBeenCalled();
-	});
-
-	it("exports env and sets OP_MANAGED_VARIABLES when export-env is true", async () => {
-		await loadSecrets(true);
-		expect(core.exportVariable).toHaveBeenCalledWith(
-			"MY_SECRET",
-			"resolved-secret-value",
-		);
-		expect(core.exportVariable).toHaveBeenCalledWith(
-			envManagedVariables,
-			"MY_SECRET",
-		);
-	});
-
-	it("does not set step output when export-env is true", async () => {
-		await loadSecrets(true);
-		expect(core.setOutput).not.toHaveBeenCalledWith(
-			"MY_SECRET",
-			expect.anything(),
-		);
-	});
-
-	it("masks secret with setSecret when export-env is true", async () => {
-		await loadSecrets(true);
-		expect(core.setSecret).toHaveBeenCalledTimes(1);
-		expect(core.setSecret).toHaveBeenCalledWith("resolved-secret-value");
-	});
-
-	it("returns early when no env vars have op:// refs", async () => {
-		Object.keys(process.env).forEach((key) => {
-			if (
-				typeof process.env[key] === "string" &&
-				process.env[key]?.startsWith("op://")
-			) {
-				delete process.env[key];
-			}
-		});
-		await loadSecrets(true);
-		expect(exec.getExecOutput).not.toHaveBeenCalled();
-		expect(core.exportVariable).not.toHaveBeenCalled();
-	});
-
-	it("wraps createClient errors with a descriptive message", async () => {
-		(createClient as jest.Mock).mockRejectedValue(
-			new Error("invalid token format"),
-		);
-		await expect(loadSecrets(false)).rejects.toThrow(
-			"Service account authentication failed: invalid token format",
-		);
-	});
-
-	describe("multiple refs", () => {
-		const ref1 = "op://vault/item/field";
-		const ref2 = "op://vault/other/item";
-		const ref3 = "op://vault/file/secret";
-
-		beforeEach(() => {
-			process.env.MY_SECRET = ref1;
-			process.env.ANOTHER_SECRET = ref2;
-			process.env.FILE_SECRET = ref3;
-
-			mockResolve
-				.mockResolvedValueOnce("value1")
-				.mockResolvedValueOnce("value2")
-				.mockResolvedValueOnce("value3");
-		});
-
-		it("resolves each ref and sets step output for each when export-env is false", async () => {
-			await loadSecrets(false);
-
-			expect(mockResolve).toHaveBeenCalledTimes(3);
-			expect(mockResolve).toHaveBeenCalledWith(ref1);
-			expect(mockResolve).toHaveBeenCalledWith(ref2);
-			expect(mockResolve).toHaveBeenCalledWith(ref3);
-
-			expect(core.setOutput).toHaveBeenCalledTimes(3);
-			expect(core.setOutput).toHaveBeenCalledWith("MY_SECRET", "value1");
-			expect(core.setOutput).toHaveBeenCalledWith("ANOTHER_SECRET", "value2");
-			expect(core.setOutput).toHaveBeenCalledWith("FILE_SECRET", "value3");
-
-			expect(core.setSecret).toHaveBeenCalledTimes(3);
-		});
-
-		it("resolves each ref and exports each and sets OP_MANAGED_VARIABLES when export-env is true", async () => {
-			await loadSecrets(true);
-
-			expect(mockResolve).toHaveBeenCalledTimes(3);
-
-			expect(core.exportVariable).toHaveBeenCalledWith("MY_SECRET", "value1");
-			expect(core.exportVariable).toHaveBeenCalledWith(
-				"ANOTHER_SECRET",
-				"value2",
-			);
-			expect(core.exportVariable).toHaveBeenCalledWith("FILE_SECRET", "value3");
-
-			const exportVariableCalls = (core.exportVariable as jest.Mock).mock
-				.calls as [string, string][];
-			const managedVarsCall = exportVariableCalls.find(
-				([name]) => name === envManagedVariables,
-			);
-			expect(managedVarsCall).toBeDefined();
-			const managedList = (managedVarsCall as [string, string])[1].split(",");
-			expect(managedList).toContain("MY_SECRET");
-			expect(managedList).toContain("ANOTHER_SECRET");
-			expect(managedList).toContain("FILE_SECRET");
-			expect(managedList).toHaveLength(3);
-
-			expect(core.setSecret).toHaveBeenCalledTimes(3);
-		});
-	});
-
-	describe("secret reference validation", () => {
-		it("fails with clear message when a secret reference is invalid", async () => {
-			process.env.MY_SECRET = "op://x";
-			(Secrets.validateSecretReference as jest.Mock).mockImplementationOnce(
-				() => {
-					throw new Error("invalid reference format");
-				},
-			);
-
-			await expect(loadSecrets(true)).rejects.toThrow(
-				"Invalid secret reference(s): MY_SECRET",
-			);
-			expect(mockResolve).not.toHaveBeenCalled();
-		});
-
-		it("validates all refs before resolving any secrets", async () => {
-			process.env.MY_SECRET = "op://vault/item/field";
-			process.env.OTHER = "op://vault/other/item";
-			(Secrets.validateSecretReference as jest.Mock).mockImplementation(
-				(ref: string) => {
-					if (ref === "op://vault/other/item") {
-						throw new Error("invalid");
-					}
-				},
-			);
-
-			await expect(loadSecrets(false)).rejects.toThrow(
-				"Invalid secret reference(s): OTHER",
-			);
-			expect(mockResolve).not.toHaveBeenCalled();
-		});
-	});
-});
-
 describe("unsetPrevious", () => {
 	const testManagedEnv = "TEST_SECRET";
 	const testSecretValue = "MyS3cr#T";